webpage security issues Albany?

Wireless broadband over 3G/4G
Post Reply
SimonG
Posts: 31
Joined: Fri Jan 02, 2009 12:33 pm
Location: Fremantle

webpage security issues Albany?

Post by SimonG » Tue Nov 24, 2009 11:32 pm

I haven't heard of this before - my parents normally use their Exetel HSPA in Perth. At the moment they are in the South-west of WA at Albany, getting good signal and speeds. However when they try to log into some websites (e.g. comsec) they are unable to log in and get security warnings in their browser, or the login just doesn't work (the page doesn't go anywhere). This doesn't happen in Perth.

Is it possible that using Exetel HSPA in Albany to do internet banking would be any different from using Exetel HSPA in Perth for the same thing?

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: webpage security issues Albany?

Post by Dazzled » Wed Nov 25, 2009 7:48 am

I haven't heard of it either, particularly if they use the same machine to bank in Perth. It would be interesting to capture the Javascript they have served on the browser.

To digress a little - the big banks use clumsy and intrusive Javascript in the name of security - they employ at least some semi-trained programmers who are intending to secure the Windows and IE environment, and amongst other things examine the "window" element in the browser. They will tolerate Firefox (too widespread to refuse), but if they don't recognise something or are too lazy to handle it, they abort. Comsec is known as one of these sites (I remember reading a Whirlpool discussion).

They developed this nonsense when non-MS browsers started to falsely report the user agent to get round badly written MS websites. (You can see yours at http://whatsmyuseragent.com/) There have been recent improvements. I don't use Windows or Firefox, and at one point had to add code that provided a fully spoofed MS environment to do any banking. Some browsers now have a degree of spoofing, either built-in or as an extension, as US banks show the same lack of professionalism. On the other hand, Netteller, used by Credit Unions, behaves well.

cubic
Posts: 161
Joined: Tue Nov 16, 2004 11:19 am
Location: Lake Macquarie NSW

Re: webpage security issues Albany?

Post by cubic » Wed Nov 25, 2009 10:41 am

SimonG wrote:This doesn't happen in Perth.
So they've been back to Perth and the problem went away? Or did this just start at a time that seemed to correspond with the move to Albany?

Security warnings on the ssl certs for bank websites would make me think bad things are happening - man-in-the-middle, dns poisoning, phishing sites etc. More likely local than on the HSPA connection though. I'd suggest a very thorough virus-scan on the PC they're using, and a check on the hosts file to see if that's been altered.
...the term 'Future Perfect' has been abandoned since it was discovered not to be - Douglas Adams

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: webpage security issues Albany?

Post by Dazzled » Wed Nov 25, 2009 11:03 am

A bit more detail would be useful, but it wasn't the OP's own machine. Unfortunately the OP hasn't detailed what the warnings were, hence my comment being a digression.

Have you had bank hassles recently cubic? I have had "security" popups and aborts in the past because I wasn't using IE or Firefox. I was once informed by a javascript-kiddie that I was using an insecure system (it was Slackware, locked down to the ground). They weren't certificate warnings (coming from my end) or malware warnings. I changed bank.

cubic
Posts: 161
Joined: Tue Nov 16, 2004 11:19 am
Location: Lake Macquarie NSW

Re: webpage security issues Albany?

Post by cubic » Wed Nov 25, 2009 11:25 am

No problems here Dazzled, using Firefox on Linux (currently Ubuntu and SUSE) for Commbank, Greater and HSBC.

Agreed, we need more detail but for me browser "security warnings" usually relate to ssl certs, and while those can be harmless (people doing ssl on the cheap) getting them on banking sites should ring alarm bells...
...the term 'Future Perfect' has been abandoned since it was discovered not to be - Douglas Adams

SimonG
Posts: 31
Joined: Fri Jan 02, 2009 12:33 pm
Location: Fremantle

Re: webpage security issues Albany?

Post by SimonG » Fri Nov 27, 2009 3:00 pm

Thanks for the responses. Sorry about the lack of detail, it is not my machine, and it is a little difficult to get the exact detail from my parents. They didn't take screenshots of the error messages, and what happens now is they try to enter the site with login, and the login is not accepted. They have reported that they can get into other banking sites and that the issue seems to be with commsec only. They have checked with commsec, including checking their username/password is correct. Commsec advise the issue isn't at their end and apparantly implied the issue must be with the ISP. They will be back in Perth soon and we will know if this is Albany ISP issue or not.

Tim K

Re: webpage security issues Albany?

Post by Tim K » Fri Nov 27, 2009 3:07 pm

I'd be very suprised if it were an "ISP" problem - assuming they are using the correct details, this seems to hint at a browser issue. Without testing back in Perth, we cannot of course be 100% sure (particularly without error messages), but I suspect this is only coincidence. In many cases, I've found this issue points at either browser security set to "super-paranoia" mode, something blocking proper HTTPS communication, or some kind of scripting problem.

Post Reply